Flylib.com
Network Security Assessment: Know Your Network
Network Security Assessment: Know Your Network
ISBN: 059600611X
EAN: 2147483647
Year: 2006
Pages: 166
Authors:
Chris McNab
BUY ON AMAZON
Network Security Assessment
Table of Contents
Copyright
Foreword
About Bob Ayers
Preface
Recognized Assessment Standards
Hackers Defined
Organization
Audience
Mirror Site for Tools Mentioned in This Book
Using Code Examples
Conventions Used in This Book
Comments and Questions
Acknowledgments
Chapter 1. Network Security Assessment
1.1 The Business Benefits
1.2 IP: The Foundation of the Internet
1.3 Classifying Internet-Based Attackers
1.4 Assessment Service Definitions
1.5 Network Security Assessment Methodology
1.6 The Cyclic Assessment Approach
Chapter 2. The Tools Required
2.1 The Operating Systems
2.2 Free Network Scanning Tools
2.3 Commercial Network Scanning Tools
2.4 Protocol-Dependent Assessment Tools
Chapter 3. Internet Host and Network Enumeration
3.1 Web Search Engines
3.2 NIC Querying
3.3 DNS Querying
3.4 Enumeration Technique Recap
3.5 Enumeration Countermeasures
Chapter 4. IP Network Scanning
4.1 ICMP Probing
4.2 TCP Port Scanning
4.3 UDP Port Scanning
4.4 IDS Evasion and Filter Circumvention
4.5 Low-Level IP Assessment
4.6 Network Scanning Recap
4.7 Network Scanning Countermeasures
Chapter 5. Assessing Remote Information Services
5.1 Remote Information Services
5.2 systat and netstat
5.3 DNS
5.4 finger
5.5 auth
5.6 SNMP
5.7 LDAP
5.8 rwho
5.9 RPC rusers
5.10 Remote Information Services Countermeasures
Chapter 6. Assessing Web Services
6.1 Web Services
6.2 Identifying the Web Service
6.3 Identifying Subsystems and Components
6.4 Investigating Web Service Vulnerabilities
6.5 Accessing Poorly Protected Information
6.6 Assessing CGI Scripts and Custom ASP Pages
6.7 Web Services Countermeasures
Chapter 7. Assessing Remote Maintenance Services
7.1 Remote Maintenance Services
7.2 SSH
7.3 Telnet
7.4 R-Services
7.5 X Windows
7.6 Microsoft Remote Desktop Protocol
7.7 VNC
7.8 Citrix
7.9 Remote Maintenance Services Countermeasures
Chapter 8. Assessing FTP and Database Services
8.1 FTP
8.2 FTP Banner Grabbing and Enumeration
8.3 FTP Brute-Force Password Guessing
8.4 FTP Bounce Attacks
8.5 Circumventing Stateful Filters Using FTP
8.6 FTP Process Manipulation Attacks
8.7 FTP Services Countermeasures
8.8 Database Services
8.9 Microsoft SQL Server
8.10 Oracle
8.11 MySQL
8.12 Database Services Countermeasures
Chapter 9. Assessing Windows Networking Services
9.1 Microsoft Windows Networking Services
9.2 Microsoft RPC Services
9.3 The NetBIOS Name Service
9.4 The NetBIOS Datagram Service
9.5 The NetBIOS Session Service
9.6 The CIFS Service
9.7 Unix Samba Vulnerabilities
9.8 Windows Networking Services Countermeasures
Chapter 10. Assessing Email Services
10.1 Email Service Protocols
10.2 SMTP
10.3 POP-2 and POP-3
10.4 IMAP
10.5 Email Services Countermeasures
Chapter 11. Assessing IP VPN Services
11.1 IPsec VPNs
11.2 Attacking IPsec VPNs
11.3 Check Point VPN Security Issues
11.4 Microsoft PPTP
11.5 VPN Services Countermeasures
Chapter 12. Assessing Unix RPC Services
12.1 Enumerating Unix RPC Services
12.2 RPC Service Vulnerabilities
12.3 Unix RPC Services Countermeasures
Chapter 13. Application-Level Risks
13.1 The Fundamental Hacking Concept
13.2 The Reasons Why Software Is Vulnerable
13.3 Network Service Vulnerabilities and Attacks
13.4 Classic Buffer-Overflow Vulnerabilities
13.5 Heap Overflows
13.6 Integer Overflows
13.7 Format String Bugs
13.8 Memory Manipulation Attacks Recap
13.9 Mitigating Process Manipulation Risks
13.10 Recommended Secure Development Reading
Chapter 14. Example Assessment Methodology
14.1 Network Scanning
14.2 Accessible Network Service Identification
14.3 Investigation of Known Vulnerabilities
14.4 Network Service Testing
14.5 Methodology Flow Diagram
14.6 Recommendations
14.7 Closing Comments
Appendix A. TCP, UDP Ports, and ICMP Message Types
A.1 TCP Ports
A.2 UDP Ports
A.3 ICMP Message Types
Appendix B. Sources of Vulnerability Information
B.1 Security Mailing Lists
B.2 Vulnerability Databases and Lists
B.3 Underground Web Sites
B.4 Security Events and Conferences
Colophon
Index
index_SYMBOL
index_A
index_B
index_C
index_D
index_E
index_F
index_G
index_H
index_I
index_J
index_K
index_L
index_M
index_N
index_O
index_P
index_Q
index_R
index_S
index_T
index_U
index_V
index_W
index_X
index_Y
Network Security Assessment: Know Your Network
ISBN: 059600611X
EAN: 2147483647
Year: 2006
Pages: 166
Authors:
Chris McNab
BUY ON AMAZON
A+ Fast Pass
Domain 1 Installation, Configuration, and Upgrading
Domain 4 Motherboard/Processors/Memory
Domain 6 Basic Networking
Domain 3 Diagnosing and Troubleshooting
Domain 4 Networks
Persuasive Technology: Using Computers to Change What We Think and Do (Interactive Technologies)
The Functional Triad Computers in Persuasive Roles
Computers as Persuasive Media Simulation
Computers as Persuasive Social Actors
Increasing Persuasion through Mobility and Connectivity
The Ethics of Persuasive Technology
Professional Struts Applications: Building Web Sites with Struts ObjectRelational Bridge, Lucene, and Velocity (Experts Voice)
Form Presentation and Validation with Struts
Building a Data Access Tier with ObjectRelationalBridge
Templates and Velocity
Creating a Search Engine with Lucene
Building the JavaEdge Application with Ant and Anthill
File System Forensic Analysis
FAT Data Structures
Metadata Category
Other Topics
Summary
Directory Entries
Telecommunications Essentials, Second Edition: The Complete Global Source (2nd Edition)
Traditional Transmission Media
The Internet and IP Infrastructures
Internet Addressing and Address Resolution
Wireless Communications Basics
2G: Digital Cellular Radio
VBScript in a Nutshell, 2nd Edition
Why Use WSH?
Writing Component Code
Section A.13. Object Programming
Section C.4. Logical and Bitwise Operators
Appendix E. The Script Encoder
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy
This website uses cookies. Click
here
to find out more.
Accept cookies